Filtered by vendor Pypdf Project
Subscribe
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-48735 | 1 Pypdf Project | 1 Pypdf | 2026-05-29 | N/A | 5.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1. | |||||
| CVE-2026-48156 | 1 Pypdf Project | 1 Pypdf | 2026-05-29 | N/A | 3.3 LOW |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0. | |||||
| CVE-2026-48155 | 1 Pypdf Project | 1 Pypdf | 2026-05-29 | N/A | 5.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0. | |||||
| CVE-2026-41312 | 1 Pypdf Project | 1 Pypdf | 2026-04-27 | N/A | 6.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually. | |||||
| CVE-2026-41313 | 1 Pypdf Project | 1 Pypdf | 2026-04-27 | N/A | 6.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually. | |||||
| CVE-2026-41314 | 1 Pypdf Project | 1 Pypdf | 2026-04-27 | N/A | 6.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually. | |||||
| CVE-2026-41168 | 1 Pypdf Project | 1 Pypdf | 2026-04-24 | N/A | 5.3 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This has been fixed in pypdf 6.10.1. As a workaround, one may apply the changes from the patch manually. | |||||
| CVE-2026-40260 | 1 Pypdf Project | 1 Pypdf | 2026-04-22 | N/A | 5.3 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0. | |||||
| CVE-2026-33699 | 1 Pypdf Project | 1 Pypdf | 2026-04-01 | N/A | 7.5 HIGH |
| pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually. | |||||
| CVE-2026-33123 | 1 Pypdf Project | 1 Pypdf | 2026-03-23 | N/A | 6.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1. | |||||
| CVE-2026-31826 | 1 Pypdf Project | 1 Pypdf | 2026-03-17 | N/A | 5.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0. | |||||
| CVE-2026-28804 | 1 Pypdf Project | 1 Pypdf | 2026-03-10 | N/A | 5.3 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5. | |||||
| CVE-2026-28351 | 1 Pypdf Project | 1 Pypdf | 2026-03-03 | N/A | 5.3 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664. | |||||
| CVE-2026-27628 | 1 Pypdf Project | 1 Pypdf | 2026-02-27 | N/A | 7.5 HIGH |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually. | |||||
| CVE-2026-27888 | 1 Pypdf Project | 1 Pypdf | 2026-02-27 | N/A | 7.5 HIGH |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually. | |||||
| CVE-2026-24688 | 1 Pypdf Project | 1 Pypdf | 2026-02-25 | N/A | 4.3 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually. | |||||
| CVE-2026-27024 | 1 Pypdf Project | 1 Pypdf | 2026-02-24 | N/A | 5.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1. | |||||
| CVE-2026-27025 | 1 Pypdf Project | 1 Pypdf | 2026-02-24 | N/A | 5.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1. | |||||
| CVE-2026-27026 | 1 Pypdf Project | 1 Pypdf | 2026-02-24 | N/A | 5.5 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1. | |||||
| CVE-2026-22690 | 1 Pypdf Project | 1 Pypdf | 2026-01-22 | N/A | 5.3 MEDIUM |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0. | |||||